Performance and security offered by today’s fingerprint scanners are highly depended on their matching accuracy and ability to keep errors under control. If fingerprint recognition devices fail to maintain optimum matching accuracy and error control mechanism, they will become more of a problem than a solution.
Today, fingerprint scanners enjoy widespread popularity and a growth rate of deployment in all sorts of applications. One of the reasons for the growing penetration of fingerprint recognition devices is that they have been able to maintain the delicate balance between convenience and security. However, there are still several issues, errors and limitations that this technology has to deal with.
What are different errors in fingerprint matching? How the fingerprint error rate is evaluated and what are the limitations of fingerprint biometrics? This article tries to dig the topic deeper.
How reliable is fingerprinting as a means of identification
Fingerprint technology offers extremely high accuracy but this accuracy is contingent upon many factors. The probability of false positives (illegitimate access due to wrong matching) is nearly zero and with the help of live scanning, it could be completely eliminated. However, there is a good chance of false negatives (inability to recognize a legitimate user) if proper scanning doesn’t take place. Some of the simple rules that could facilitate proper fingerprint extraction by the sensor were discussed in the earlier posts.
The friction ridges present on the fingers form distinctive patterns that are unique to a person and minutiae points that are formed at ridge ending and ridge bifurcation are extracted from these patterns to be used later for verification or identification process. The first major factor that affects the accuracy of a fingerprint scanner is human error. When a sensor reads a fingerprint, it creates multiple digital templates with the help of minutiae points which are then stored in the database for future matching. If consequent fingerprints captured are not adequate to create templates for database matching, then false negatives occur. Skin conditions such as wet, dry, greasy, finger injury, etc. are common impediments to optimal digital capture. Enrolling more than one finger generally solves most of these problems.
Device capabilities also play a pivotal role in the recognition process. Since the minutiae points are quite subtle and skin conditions could hamper correct template formation, it is vital that the device (sensor & associated hardware) is capable of capturing the best possible images even when the external conditions are far from being ideal. DPI (dots per inch) which essentially refers to the amount of information stored within an inch of space in the digital image is a primary deciding factor for image quality obtained. According to most image quality & matching standards such as ISO 19794-2/4, ANSI 378, & NFIQ, the optimal value is in the range of 500 DPI. Our fingerprint biometric recognition systems that we distribute worldwide comply with such stringent quality standards.
The matching software or algorithm is another important factor when it comes to the accuracy of fingerprint recognition systems. Fingerprint enhancement algorithms are widely used by the sensors so that the extraction of the minutiae points is as distinctive & clear as possible. Depending on this extraction, matching algorithms then initiate the identification or verification process.
Fingerprint matching: accuracy is the key
Today, a large number of applications depend on automated fingerprint recognition to function. This dependence has grown to the level where applications will render inoperable if the fingerprint recognition technology gets out of the picture. One of the key factors driving the popularity of fingerprint biometrics is the unmatched balance of convenience with the security offered by this technology.
This delicate balance of security and convenience is very important for the fingerprint scanners to maintain. If you design them to be highly secure, they would become inconvenient. On the other hand, the high level of convenience would compromise security. So it is crucial to maintain this balance to ensure user convenience as well as an optimum level of authentication security.
This security – convenience balance is also the reason why sometimes fingerprint scanners refuse to pass you through, despite presenting the registered fingerprint. If they find your scan to have not enough details/clarity, they might ask for a rescan to ensure that it is in fact the authorized person who is seeking the access.
Accuracy is an important factor to ensure that security – convenience balance stays maintained. Accuracy itself depends on a lot of sub-factors including the components and technology used in the scanner, environmental factors, as well as the quality and usability of user fingerprints. These factors directly affect the fingerprint image quality captured by the scanner, which in turn affects the scanner performance directly. In fact, fingerprint image accuracy is the key to matching performance, which we have covered in great detail in this article.
But how accurate fingerprint scanners are today? We will have a look at it in the subsequent sections but before examining the accuracy of today’s fingerprint scanners, it is also important to understand different errors encountered by a fingerprint identification system.
Errors in fingerprint identification
At user level, today’s fingerprint identification technology may seem impeccable. If you register one finger, there is no way you would be able to authenticate using another finger. There are chances that you had already tested it on your electronic devices such as phones, notebooks, etc. using different fingers. No surprise that fingerprint recognition may seem impossible to fool during such user level tests.
However, that is not the case when it comes to testing fingerprint devices in a professional testing and evaluation setup. Fingerprint recognition systems do make errors, which majorly include: not identifying a registered finger, or identifying an unregistered finger out of error.
Errors in fingerprint recognition systems are kept under control to ensure optimum security and performance of the system. These systems are taken through the evaluation process to collect data about their performance. This data is collected using biometric security and performance metrics. Biometric security and performance metrics help experts evaluate the systems on different criteria as well as allow them to keep errors under a certain threshold.
This is the type of error that most users encounter, especially who use fingerprint authentication frequently. Commonly referred to as “failed attempts”, false rejections are more prevalent than any other type of error. This error occurs when a recognition system refuses to let you through, even if you present the registered fingerprint. This error is not an application, device, or system-specific and you can come across it on any fingerprint recognition system, such as your phone, PC, biometric ATM, or office attendance system. It is a “false” rejection, which means that it should have been accepted by the recognition system.
There can be many reasons behind the rejection of a registered fingerprint by the recognition systems such as dirty / wet / dry fingers, environmental conditions (extremely hot / cold weather), dirty / scratched / broken sensor surface, etc. Regardless of the type of the reason for a failed attempt or false rejection, the bad image quality of captured fingerprint image is the root cause of this incident.
When the recognition system is not able to capture the fingerprint image above the set quality threshold, it will reject the acquired image and ask the user to rescan.
The metrics used for the fingerprint error rate of false rejections is called FRR (False Rejection Rate).
False acceptance, as the name suggests, is an erroneous outcome in a fingerprint recognition systems, in which the systems fallaciously accepts an unregistered / unauthorized fingerprint scan and grants the access. False acceptances can be more concerning than false rejections, as they can let an unauthorized user gain access to sensitive resources or physical facilities. An incident of false acceptance takes place due to erroneous matching of a sample acquired for performing authentication with a stored template, which belongs to an authorized user.
The metrics used for the fingerprint error rate of false acceptances is called FAR (False Acceptance Rate).
How fingerprint error rate is evaluated?
To evaluate the fingerprint error rate of a target recognition system, it is taken through the security ad performance evaluation process. During this process, the target system’s security is evaluated by making fingerprint matching attempts with registered as well as imposter fingerprint scans. Data of the outcomes (match / no match) is collected and analyzed. It is made sure that the system performs as per expectations and the false rejection rate and the false acceptance rate is below the set standards. If they are not, the system is recalibrated until the expected performance is exhibited in the systems.
Limitations of fingerprint biometrics
Fingerprint biometrics has attained the level at which it can be securely used for personal identification and authentication from low to high security applications. This technology can be tweaked for high security (such as two / multi-finger authentication) as well as convenience-focused use cases (such as authentication with partial fingerprints on mobile phones). It can also be used with other authentication factors (such as passwords, IDs, etc.) for even higher security by setting up two/multi-factor authentication.
However, fingerprint biometrics still has many limitations and challenges to address.
Spoofing and presentation attacks
Despite the unprecedented growth and advancements in biometric fingerprint recognition technology, spoofing still remains the biggest challenge for this technology. Biometric spoofing is a circumvention method, in which a fake replica (such as a finger, mask, eye, etc.) is presented to a biometric system in order to circumvent its security. This replica has to have the exact biometric pattern to be able to circumvent the systems.
To address the problem of spoofing attacks, today’s biometric fingerprint recognition systems make use of anti-spoofing technologies and liveness detection mechanisms. It is helpful in ensuring that the fingerprint sample is presented by a person and not by a spoof, however, a highly sophisticated spoof that can imitate liveness features may still be able to fool these systems. Spoofing attacks and anti-spoofing countermeasures are going to be a constant tug of war between security experts and cybercriminals.
Unalterable nature of biometric identifiers
Biometric identifiers are unalterable in nature, which means they cannot be changed like your password or PIN or reissued like IDs, if compromised. If a cybercriminal is able to capture your biometric patterns (such as fingerprint pattern, 3D face geometry, etc.), s/he can create spoofs (such as fingerprint replica, 3D face mast, etc.) to circumvent a biometric system you are registered on.
There is also a possibility that an electronic system (such as a sniffer, third party application, etc.) is used in conjunction with the biometric system to capture your digital biometric data when you use the system. Biometric devices encounter this problem by encrypting the biometric data before storing or transmitting it. Anti-spoofing and liveness detection technologies are other approaches to deter the circumvention of biometric systems.
Technology related limitations
Like all other technologies, biometric systems also suffer from technology-related limitations. Today’s fingerprint recognition systems can work in harsh environmental conditions as well as challenging scenarios, still, they cannot keep up beyond a certain limit. For example, harshest environmental conditions such as excessive humidity, extreme temperature, intense ambient lighting, etc. may cause them to break. Technical failures may be rare, yet they can happen. Fingerprint recognition systems, being electronic devices, depend on electricity to function so episodes of power outage/failure will render them unusable.
False rejections / acceptances
Time of response in modern fingerprint biometric systems is faster than ever and in 1:1 matching, most system will take only a fraction of a second to authenticate an identity. However, the biggest problem with these systems is reliability when used in crucial situations, where errors such as false rejection cannot be afforded.
There are scenarios where errors like false rejections or false acceptances can be fatal, even disastrous. For example, a law enforcement officer may not afford a false rejection from a smart gun that uses fingerprints to unlock the gun safety lock. In the scenarios where the officer needs to use his/her weapon quickly, delay caused by false rejection can be fatal.
Superficially, fingerprint biometrics may seem as if it has the ability to provide identity to anyone who has at least one finger; however that is not always the case in real-life circumstances. Today’s biometric fingerprint recognition systems are more efficient than ever and would accept most fingerprint patterns. However, they still need fingerprint quality of to be above a certain threshold to be able to accept and process them further.
People with imperfect or worn-off fingerprints automatically get “out of coverage” as the recognition systems cannot read or accept their fingerprints. There can be many reasons causing fingerprint quality to deteriorate. In most cases, age and skin diseases can cause fingerprint quality to deteriorate.
Work conditions that require people to use their hands for manual labor or handle chemicals regularly, can also cause fingerprints to wear off. Population coverage can be a major challenge in large-scale biometric identification campaigns. However, this challenge can be addressed with multi-modal biometrics that leverages more than one biometric modality to establish an individual’s identity, (such as face + fingerprints).
So, how accurate fingerprint scanners are today?
National Institute of Standards and Technology (NIST) a U.S. agency that works in the area of standardization and technology conducted a study to test the modern fingerprint scanners in terms of accuracy. The agency tested 34 commercially available fingerprint scanners from 18 brands available across the globe. In the study, the agency found the best performing fingerprint recognition systems to be highly accurate – they were accurate more than 99 percent of the time.
The study clearly shows that today’s fingerprint scanners have reached a point where their accuracy can be more than 99 percent, provided you use high-quality scanners.
From providing enterprise-level security to businesses across the globe to making smartphones & laptops safer against unauthorized access, fingerprint technology has permeated every possible security system in use today. Being the oldest biometric recognition system in play, it has been well-integrated into enterprise-level security applications across industries. The widespread acceptance & easiness to operate coupled with cost-effectiveness provide it appreciable clout over the other under-developed biometric technologies.
The rate of adoption of fingerprint scanners during the last couple of decades has been astonishing. Once stigmatized as a criminal identification method, this technology now enjoys widespread acceptance. One of the major factors driving the growth of fingerprint biometrics is the perfect balance of security and convenience that it offers.
This delicate balance of convenience and security is highly dependent on fingerprint matching accuracy. Several studies have shown that modern fingerprint recognition systems are highly accurate. However, errors such as false acceptances and false rejections are still a reality for these modern fingerprint recognition devices.
There are still challenges and limitations in terms of technology, population coverage, and security, however, most of these challenges can be and will be addressed at some point in the future.